Hungary
Unnamed financial institution
GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2019-03-04.
Case details
- Authority
- Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
- Date
- 2019-03-04
- Controller / Processor
- Unnamed financial institution
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 5 (1) b) GDPR, Art. 5 (1) c) GDPR, Art. 13 (3) GDPR, Art. 17 (1) GDPR, Art. 6 (4) GDPR
- Type of violation
- Insufficient fulfilment of data subjects rights
Summary
The fine was imposed in relation to a data subject's request for data correction and erasure. NAIH levied a fine against an unnamed financial institution for unlawfully rejecting a customer’s request to have his phone number erased after arguing that it was in the company's legitimate interest to process this data in order to enforce a debt claim against the customer. In its decision, the NAIH emphasised that the customer’s phone number is not necessary for the purpose of debt collection because the creditor can also communicate with the debtor by post. Consequently, keeping the phone number of the debtor was against the principles of data minimisation and purpose limitation. As per the law, the assessed fine was based on 0.025% of the company's annual net revenue.
Related fines